package webbandidong.auth;

import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import webbandidong.util.Constant;

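/**
 * Session-based access check for the administration pages.
 */
public class CheckAuth {

    /**
     * Checks whether the current request belongs to a logged-in administrator.
     *
     * <p>The decision is based on two session attributes: {@code Constant.USER_NAME}
     * (must be present and non-empty) and {@code Constant.USER_ROLE} (must equal
     * {@code Constant.ADMIN_ROLE}). When the check fails, a redirect is sent on
     * {@code response} before {@code false} is returned, so the caller must stop
     * handling the request at that point and must not write to the response.
     *
     * @param request  the incoming request whose session is inspected
     * @param response the response used to send the redirect on failure
     * @return {@code true} if the session holds a user name and the admin role;
     *         {@code false} if a redirect was sent instead
     * @throws Exception if sending the redirect or encoding the return URL fails
     */
    public static boolean checkAdminAuth(HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        // getSession(false): an anonymous request should not allocate a server-side
        // session just to be rejected; a missing session is treated as "not logged in".
        HttpSession session = request.getSession(false);
        String username = null;
        String userRole = null;
        if (session != null) {
            username = (String) session.getAttribute(Constant.USER_NAME);
            userRole = (String) session.getAttribute(Constant.USER_ROLE);
        }

        if (username == null || username.isEmpty()) {
            // The request URI is client-controlled. Encode it so that characters such
            // as '&', '#' or '=' in the path cannot add or alter parameters of the
            // login URL. getRequestURI() carries the path only, not the query string.
            // NOTE(review): the page that consumes "returnurl" is not visible here; it
            // should follow only same-application relative paths, otherwise the
            // parameter can be used as an open redirect.
            String returnUrl = URLEncoder.encode(request.getRequestURI(), "UTF-8");
            response.sendRedirect("/admin.htm?returnurl=" + returnUrl);
            return false;
        }

        if (userRole == null || !Constant.ADMIN_ROLE.equals(userRole)) {
            // Logged in, but without the admin role: send to the permission page.
            response.sendRedirect("/admin/permission.htm");
            return false;
        }

        return true;
    }
}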
